<?php
include "connect.php";
session_start();
$user=$_SESSION['user'];
$selectuser="SELECT * from b_users a, b_templates b where b.templateid=a.templateclass and a.username='$user'";
$selectuser2=mysql_query($selectuser);
$selectuser3=mysql_fetch_array($selectuser2);
print "<link rel='stylesheet' href='style.css' type='text/css'>";

if ($selectuser3[status]>=3)
   {


    if(isset($_GET['ID']))
    {

     $ID=$_GET['ID'];
     if(isset($_POST['submit']))
     {
      $forumtitle=$_POST['title'];
      $description=$_POST['content'];
      $sort=$_POST['iconid'];
      $author=$_POST['author'];
      print "<br><br><br><br><table border='0'>";
      print "<tr><td valign='top'><center>";
      print "<table width='70%' border='0' class='maintable'>";
      print "<tr class='headline'><td width='300px'>Admin Options";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      include "adminleft.php";
      print "</td></tr></table></center></td>";
      print "<td valign='top' width='75%'><p align='left'>";
      print "<table width='90%' border='0' class='maintable'>";
      print "<tr class='headline'><td>Edit Forums";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      $updateforum="UPDATE b_news set title='$forumtitle', content='$description', iconid='$sort', author='$author' where id='$ID'";
      mysql_query($updateforum) or die("could not edit forum");
      print "News edited successfully";
      print "</td></tr></table>";    
      print "</center>";
     }
     else
     {
      print "<br><br><br><br><table border='0'>";
      print "<tr><td valign='top'><center>";
      print "<table width='70%' border='0' class='maintable'>";
      print "<tr class='headline'><td width='300px'>Admin Options";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      include "adminleft.php";
      print "</td></tr></table></center></td>";
      print "<td valign='top' width='75%'><p align='left'>";
      print "<table width='90%' border='0'  class='maintable'>";
      $editforum="SELECT * from b_news where id='$ID'";
      $editforum2=mysql_query($editforum) or die("Could not display forum details");
      $editforum3=mysql_fetch_array($editforum2);	  
      print "<tr class='headline'><td>Edit News -> $editforum3[title]";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      print "<form action='editnews.php?ID=$editforum3[id]' method='post'>";
      print "<b>Title:</b><br>";
      print "<input type='text' name='title' value='$editforum3[title]' length='45'><br><br>";
      print "<strong>Icon ID:</strong><br>";
      print "<input type='text' name='iconid' value='$editforum3[iconid]'><br><br>"; ?>
	  <table width="200px" border="0" cellspacing="0" cellpadding="5" style=" color:#FFFFFF">
  <tr align="center">
    <td><img src="../../news/id1.gif"><br>
    1</td>
    <td><img src="../../news/id2.gif" width="30" height="23"><br>
    2</td>
    <td><img src="../../news/id3.gif" width="30" height="23"><br>
      3</td>
  </tr>
  <tr align="center">
    <td><img src="../../news/id4.gif" width="30" height="23"><br>
    4</td>
    <td><img src="../../news/id5.gif" width="30" height="23"><br>
    5</td>
    <td><img src="../../news/id6.gif" width="30" height="23"><br>
      6</td>
  </tr>
  <tr align="center">
    <td><img src="../../news/id7.gif" width="30" height="23"><br>
    7</td>
    <td><img src="../../news/id8.gif" width="30" height="23"><br>
    8</td>
    <td><img src="../../news/id9.gif" width="30" height="23"><br>
      9</td>
  </tr>
</table>
<?
	  print "<br><strong>Author:</strong><br>";
      print "<input type='text' name='author' value='$editforum3[author]'><br><br>";
      print "<b>Content:</b><br>";
      print "<textarea rows='15' name='content' cols='60'>$editforum3[content]</textarea><br><br>";
      print "<input type='submit' name='submit' value='submit'></form>";
      print "</td></tr></table>";    
      print "</center>";
     }
    }
    else if(isset($_GET['DEL']))
	{
	  $DEL1=$_GET['DEL'];
      print "<br><br><br><br><table border='0'>";
      print "<tr><td valign='top'><center>";
      print "<table width='70%' border='0' class='maintable'>";
      print "<tr class='headline'><td width='300px'>Admin Options";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      include "adminleft.php";
      print "</td></tr></table></center></td>";
      print "<td valign='top' width='75%'><p align='left'>";
      print "<table width='90%' border='0' class='maintable'>";
      print "<tr class='headline'><td>Are you sure you want delete this news?";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      print "<br><A href='editnews.php?delete=$DEL1'>Yes, delete this News</a>";
      print "</td></tr></table>";    
      print "</center>"; 
	}
	    else if(isset($_GET['delete']))
	{
	  $DEL2=$_GET['delete'];
      print "<br><br><br><br><table border='0'>";
      print "<tr><td valign='top'><center>";
      print "<table width='70%' border='0' class='maintable'>";
      print "<tr class='headline'><td width='300px'>Admin Options";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      include "adminleft.php";
      print "</td></tr></table></center></td>";
      print "<td valign='top' width='75%'><p align='left'>";
      print "<table width='90%' border='0' class='maintable'>";
      print "<tr class='headline'><td>Delete News";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      $delnews="DELETE from b_news where id='$DEL2'";
      mysql_query($delnews) or die("could not delete news");
      print "News deleted successfully";
      print "</td></tr></table>";    
      print "</center>"; 
	}
	else
    {
      print "<br><br><br><br><table border='0'>";
      print "<tr><td valign='top'><center>";
      print "<table width='70%' border='0' class='maintable'>";
      print "<tr class='headline'><td width='300px'>Admin Options";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      include "adminleft.php";
      print "</td></tr></table></center></td>";
      print "<td valign='top' width='75%'><p align='left'>";
      print "<table width='90%' border='0' class='maintable'>";
      print "<tr class='headline'><td>Edit News";
      print "</td></tr>";
      print "<tr class='forumrow'><td>";
      $forumdisp="SELECT * from b_news order by timepost DESC";
      $forumdisp2=mysql_query($forumdisp) or die("Could not display News");
      print "<br><center><table class='maintable' width='100%'>";
      print "<tr class='headline'><td><b>News Title</b></td>";
      print "<td>Icon ID</td>";
      print "<td>Edit</td><td>Delete?</td></tr><tr><td colspan='5'>&nbsp;</td></tr>";
     
        while ($forumdisp3=mysql_fetch_array($forumdisp2))
        {
		      $content=str_replace("<","&lt;","$forumdisp3[content]");
			  $content2=str_replace(">","&gt;","$content");
			  $content2=str_replace("]"," ]","$content");
			  $content2=str_replace("[","[ ","$content");
              print "<tr class='forumrow'><td valign='top'>$forumdisp3[title]</td>";
              print "<td valign='top'>$forumdisp3[iconid]</td>";
              print "<td valign='top'><A href='editnews.php?ID=$forumdisp3[id]'>Edit</a></td>";
			  print "<td valign='top'><A href='editnews.php?DEL=$forumdisp3[id]'>Delete</a></td></tr>";
			  print "<tr><td colspan='4' style='padding-left: 25px'><font color='#cccccc' size='2'>$content2</font></td></tr>";
            
        }    
        mysql_data_seek($forumdisp2,0); 
      
      print "</table></center>";
      print "</td></tr></table>";    
      print "</center>";
     }
    
   }
else
   {
     print "<br><br><br><br><table width='70%' border='0'>";
     print "<tr class='headline'><td><center>Not logged in as Admin</td></tr>";
     print "<tr class='forumrow'><td>";
     print "You are not logged in as Administrator, please log in.";
     print "<form method='POST' action='../authenticate.php'>";
     print "Type Username Here: <input type='text' name='username' size='15'><br>";
     print "Type Password Here: <input type='password' name='password' size='15'><br>";
     print "<input type='submit' value='submit' name='submit'>";
     print "</form>";
     print "</td></tr></table>";
   }

?>